donsun posted on 2013-2-7 09:29:36

FindBugs Defect Type Statistical Analysis (Partial)

Contents

1 CORRECTNESS WARNINGS
1.1 AM: CREATES AN EMPTY JAR FILE ENTRY
1.2 AM: CREATES AN EMPTY ZIP FILE ENTRY
1.3 BC: IMPOSSIBLE CAST
1.4 BC: INSTANCEOF WILL ALWAYS RETURN FALSE
1.5 BIT: INCOMPATIBLE BIT MASKS
1.6 BIT: INCOMPATIBLE BIT MASKS
1.7 BIT: INCOMPATIBLE BIT MASKS
1.8 BIT: BITWISE OR OF SIGNED BYTE VALUE
1.9 BOA: CLASS OVERRIDES A METHOD IMPLEMENTED IN SUPER CLASS ADAPTER WRONGLY
1.10 CN: CLASS IMPLEMENTS CLONEABLE BUT DOES NOT DEFINE OR USE CLONE METHOD
1.11 CN: CLONE METHOD DOES NOT CALL SUPER.CLONE()
1.12 CO: ABSTRACT CLASS DEFINES COVARIANT COMPARETO() METHOD
1.13 CO: COVARIANT COMPARETO() METHOD DEFINED
1.14 DE: METHOD MIGHT DROP EXCEPTION
1.15 DE: METHOD MIGHT IGNORE EXCEPTION
1.16 DLS: OVERWRITTEN INCREMENT
1.17 NP: POSSIBLE NULL POINTER DEREFERENCE DUE TO RETURN VALUE OF CALLED METHOD
1.18 NP: METHOD CALL PASSES NULL FOR UNCONDITIONALLY DEREFERENCED PARAMETER
1.19 NP: METHOD CALL PASSES NULL FOR UNCONDITIONALLY DEREFERENCED PARAMETER
1.20 NP: NON-VIRTUAL METHOD CALL PASSES NULL FOR UNCONDITIONALLY DEREFERENCED PARAMETER
1.21 NP: STORE OF NULL VALUE INTO FIELD ANNOTATED NONNULL
1.22 NP: READ OF UNWRITTEN FIELD
1.23 NS: QUESTIONABLE USE OF NON-SHORT-CIRCUIT LOGIC
1.24 NM: CLASS DEFINES EQUAL(); SHOULD IT BE EQUALS()?
1.25 NM: CONFUSING METHOD NAMES
1.26 NM: CLASS DEFINES HASHCODE(); SHOULD IT BE HASHCODE()?
1.27 NM: CLASS DEFINES TOSTRING(); SHOULD IT BE TOSTRING()?
1.28 NM: APPARENT METHOD/CONSTRUCTOR CONFUSION
1.29 NM: VERY CONFUSING METHOD NAMES
1.30 ODR: METHOD MAY FAIL TO CLOSE DATABASE RESOURCE
1.31 ODR: METHOD MAY FAIL TO CLOSE DATABASE RESOURCE ON EXCEPTION
1.32 OS: METHOD MAY FAIL TO CLOSE STREAM
1.33 OS: METHOD MAY FAIL TO CLOSE STREAM ON EXCEPTION
1.34 QBA: METHOD ASSIGNS BOOLEAN LITERAL IN BOOLEAN EXPRESSION
1.35 QF: COMPLICATED, SUBTLE OR WRONG INCREMENT IN FOR-LOOP
1.36 RC: SUSPICIOUS REFERENCE COMPARISON
1.37 RCN: REDUNDANT COMPARISON OF NON-NULL VALUE TO NULL
1.38 RCN: REDUNDANT COMPARISON OF TWO NULL VALUES
1.39 RCN: REDUNDANT NULLCHECK OF VALUE KNOWN TO BE NON-NULL
1.40 RCN: REDUNDANT NULLCHECK OF VALUE KNOWN TO BE NULL
1.41 RCN: NULLCHECK OF VALUE PREVIOUSLY DEREFERENCED
1.42 RE: INVALID SYNTAX FOR REGULAR EXPRESSION
1.43 RE: "." USED FOR REGULAR EXPRESSION
1.44 RR: METHOD IGNORES RESULTS OF INPUTSTREAM.READ()
1.45 RR: METHOD IGNORES RESULTS OF INPUTSTREAM.SKIP()
1.46 RV: RANDOM VALUE FROM 0 TO 1 IS COERCED TO THE INTEGER 0
1.47 RV: METHOD CHECKS TO SEE IF RESULT OF STRING.INDEXOF IS POSITIVE
1.48 RV: METHOD DISCARDS RESULT OF READLINE AFTER CHECKING IF IT IS NONNULL
1.49 RV: REMAINDER OF 32-BIT SIGNED RANDOM INTEGER
1.50 RV: METHOD IGNORES RETURN VALUE
1.51 SA: SELF ASSIGNMENT OF FIELD
2 INTERNATIONALIZATION WARNINGS
2.1 DM: METHOD INVOKES DUBIOUS STRING.TOUPPERCASE() OR STRING.TOLOWERCASE; USE THE LOCALE PARAMETERIZED VERSION INSTEAD
3 MULTITHREADED CORRECTNESS WARNINGS
3.1 RU: INVOKES RUN ON A THREAD (DID YOU MEAN TO START IT INSTEAD?)
3.2 SC: CONSTRUCTOR INVOKES THREAD.START()
3.3 SP: METHOD SPINS ON FIELD
3.4 SWL: METHOD CALLS THREAD.SLEEP() WITH A LOCK HELD
3.5 TLW: WAIT WITH TWO LOCKS HELD
3.6 UG: UNSYNCHRONIZED GET METHOD, SYNCHRONIZED SET METHOD
3.7 UL: METHOD DOES NOT RELEASE LOCK ON ALL PATHS
3.8 UL: METHOD DOES NOT RELEASE LOCK ON ALL EXCEPTION PATHS
3.9 UW: UNCONDITIONAL WAIT IN METHOD
3.10 VO: A VOLATILE REFERENCE TO AN ARRAY DOESN'T TREAT THE ARRAY ELEMENTS AS VOLATILE
3.11 WS: CLASS'S WRITEOBJECT() METHOD IS SYNCHRONIZED BUT NOTHING ELSE IS
3.12 WA: CONDITION.AWAIT() NOT IN LOOP IN METHOD
3.13 WA: WAIT NOT IN LOOP IN METHOD
4 MALICIOUS CODE VULNERABILITY WARNINGS
4.1 EI: METHOD MAY EXPOSE INTERNAL REPRESENTATION BY RETURNING REFERENCE TO MUTABLE OBJECT
4.2 EI2: METHOD MAY EXPOSE INTERNAL REPRESENTATION BY INCORPORATING REFERENCE TO MUTABLE OBJECT
5 PERFORMANCE WARNINGS
5.1 DM: METHOD INVOKES DUBIOUS BOOLEAN CONSTRUCTOR; USE BOOLEAN.VALUEOF(...) INSTEAD
6 STYLE WARNINGS
6.1 BC: QUESTIONABLE CAST TO ABSTRACT
 
1 Correctness Warnings

1.1 AM: Creates an empty jar file entry

 
BugID: AM_CREATES_EMPTY_JAR_FILE_ENTRY

Incorrect pattern:
ZipEntry zipEntry = new ZipEntry(fileTo);
zipOutputStream.putNextEntry(zipEntry);
zipOutputStream.closeEntry();

Correct pattern:
ZipEntry zipEntry = new ZipEntry(fileTo);
zipOutputStream.putNextEntry(zipEntry);
// do something
FileInputStream fileInputStream = new FileInputStream(file);
while ((n = fileInputStream.read(rgb)) > -1)
{
        zipOutputStream.write(rgb, 0, n);
}
fileInputStream.close();
// do end
zipOutputStream.closeEntry();
zipOutputStream.close();

Description: Creates an empty jar file.

Details: Creates an empty jar file: no write operation is performed between the calls to putNextEntry() and closeEntry().

Severity:
 
 
1.2 AM: Creates an empty zip file entry

 
BugID: AM_CREATES_EMPTY_ZIP_FILE_ENTRY

Incorrect pattern: Same as above

Correct pattern: Same as above

Description: Same as above

Details: Same as above

Severity:
 
 
1.3 BC: Impossible cast

 
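BugID: BC_IMPOSSIBLE_CAST

Incorrect pattern:
Object obj = new Object();
Vector list = (Vector) obj;

Correct pattern:

Description: An expression that will inevitably cause a type-cast exception (ClassCastException).

Details: Situations that lead to this error:
1. An explicit cast between types that have no common base class
2. An explicit cast of a pure base-class object to a derived class
3. An explicit cast between non-common nodes of an inheritance chain

Severity: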
 
 
1.4 BC: instanceof will always return false

 
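BugID: BC_IMPOSSIBLE_INSTANCEOF

Incorrect pattern:
public boolean isBusy()
{
        return false;
}

Correct pattern:

Description: A method always returns false.

Details: If a method always returns false, consider whether something was left out during coding or whether it will lead to a logic error; it needs to be treated with caution.

Severity: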
 
 
 
1.5 BIT: Incompatible bit masks

 
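BugID: BIT_AND

Incorrect pattern:
public static final int M_SHOW_WINDOW = 0x01;
public static final int M_WINDOW_VISIBLE = 0x11;

public boolean isVisible(int mask)
{
        if ((mask & M_SHOW_WINDOW) == M_WINDOW_VISIBLE)
        {
                return true;
        }
        else
        {
                return false;
        }
}

Correct pattern:
public static final int M_SHOW_WINDOW = 0x01;
public static final int M_WINDOW_VISIBLE = 0x11;

public boolean isVisible(int mask)
{
        if ((mask & M_SHOW_WINDOW) == M_SHOW_WINDOW)
        {
                return true;
        }
        else
        {
                return false;
        }
}

Description: Ineffective mask.

Details: When the mask value is set unreasonably or the check is written incorrectly, no mask value can ever satisfy the program's branch traversal requirements. This may be caused by a design or coding problem; confirm that the program logic is correct.
When a binary "&" expression contains a constant, the value of the expression is necessarily less than or equal to that constant; if it is compared with another constant that is greater than that constant, the condition can never be satisfied.

Severity: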
 
 
1.6 BIT: Incompatible bit masks

 
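BugID: BIT_AND_ZZ

Incorrect pattern:
public static final int M_SHOW_WINDOW = 0x0;

public boolean isVisible(int mask)
{
        if ((mask & M_SHOW_WINDOW) == M_WINDOW_VISIBLE)
        {
                return true;
        }
        else
        {
                return false;
        }
}

Correct pattern:
public static final int M_SHOW_WINDOW = 0x01;

public boolean isVisible(int mask)
{
        if ((mask & M_SHOW_WINDOW) == M_WINDOW_VISIBLE)
        {
                return true;
        }
        else
        {
                return false;
        }
}

Description: Ineffective mask.

Details: When the mask value is set unreasonably or the check is written incorrectly, no mask value can ever satisfy the program's branch traversal requirements. This may be caused by a design or coding problem; confirm that the program logic is correct.
0 cannot be used as a feature mask; otherwise the expression (mask & 0) == 0 is always true and the feature mask has no effect.

Severity: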
 
 
 
1.7 BIT: Incompatible bit masks

 
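BugID: BIT_IOR

Incorrect pattern:
public static final int M_SHOW_WINDOW = 0x11;
public static final int M_WINDOW_VISIBLE = 0x01;

public boolean isVisible(int mask)
{
        if ((mask | M_SHOW_WINDOW) == M_WINDOW_VISIBLE)
        {
                return true;
        }
        else
        {
                return false;
        }
}

Correct pattern:
public static final int M_SHOW_WINDOW = 0x01;
public static final int M_WINDOW_VISIBLE = 0x11;

public boolean isVisible(int mask)
{
        if ((mask | M_SHOW_WINDOW) == M_WINDOW_VISIBLE)
        {
                return true;
        }
        else
        {
                return false;
        }
}

Description: Ineffective mask.

Details: When the mask value is set unreasonably or the check is written incorrectly, no mask value can ever satisfy the program's branch traversal requirements. This may be caused by a design or coding problem; confirm that the program logic is correct.
When a binary "|" expression contains a constant, the value of the expression is necessarily greater than or equal to that constant; if it is compared with another constant that is less than that constant, the condition can never be satisfied.

Severity: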
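
Added example, not part of the original post: the mask checks from sections 1.5 to 1.7 decided with an exact bit test, which generalizes the magnitude comparison described in the details above, and cross-checked by brute force over all 8-bit values. The class and method names (MaskComparisonCheck, Verdict, andEquals, orEquals, agreesWithBruteForce) are hypothetical; the constants in main are the ones used in the post.

```java
// Added example, not code from the original post; all names are hypothetical.
public class MaskComparisonCheck {
    enum Verdict { NEVER_TRUE, ALWAYS_TRUE, DEPENDS_ON_INPUT }

    // Verdict for the condition (x & c) == d over all int x.
    static Verdict andEquals(int c, int d) {
        if ((d & ~c) != 0) return Verdict.NEVER_TRUE;  // d needs a bit that "& c" always clears
        if (c == 0) return Verdict.ALWAYS_TRUE;        // d is 0 as well: (x & 0) == 0
        return Verdict.DEPENDS_ON_INPUT;
    }

    // Verdict for the condition (x | c) == d over all int x.
    static Verdict orEquals(int c, int d) {
        if ((c & ~d) != 0) return Verdict.NEVER_TRUE;  // "| c" always sets a bit that d lacks
        if (c == -1) return Verdict.ALWAYS_TRUE;       // d is -1 as well: (x | -1) == -1
        return Verdict.DEPENDS_ON_INPUT;
    }

    // Cross-check: enumerate every 8-bit c, d and x and compare with the verdicts.
    static boolean agreesWithBruteForce() {
        for (int c = 0; c <= 0xFF; c++) {
            for (int d = 0; d <= 0xFF; d++) {
                boolean andHit = false, orHit = false;
                for (int x = 0; x <= 0xFF; x++) {
                    andHit |= (x & c) == d;
                    orHit |= (x | c) == d;
                }
                // A condition that some x satisfies must not be reported NEVER_TRUE, and vice versa.
                if (andHit == (andEquals(c, d) == Verdict.NEVER_TRUE)) return false;
                if (orHit == (orEquals(c, d) == Verdict.NEVER_TRUE)) return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constants taken from sections 1.5 to 1.7 of the post.
        System.out.println("1.5 incorrect pattern: " + andEquals(0x01, 0x11));
        System.out.println("1.5 correct pattern:   " + andEquals(0x01, 0x01));
        System.out.println("1.6 (mask & 0) == 0:   " + andEquals(0x0, 0x0));
        System.out.println("1.7 incorrect pattern: " + orEquals(0x11, 0x01));
        System.out.println("1.7 correct pattern:   " + orEquals(0x01, 0x11));
        System.out.println("brute-force agreement: " + agreesWithBruteForce());
    }
}
```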